<?php
require('includes/top.php');
$strpass = $_POST['currentpass'];
$strnewpass = $_POST['newpass'];

echo $sql = "SELECT * FROM users WHERE user_name ='".$_SESSION['user_name']."' and user_password='".$strpass."'"; 
$result = mysql_query($sql);

//echo mysql_num_rows($result);

if(mysql_num_rows($result)){
$sql="Update users set `user_password`='$strnewpass' where user_name ='".$_SESSION['user_name']."' and user_password='".$strpass."'";
		echo $sql;
		
		$result=mysql_query($sql); 

header("location:logoff.php?upacc=1");
}
else
{
header("location:change_password.php?cper=1");
}
?>